CVE-2017-15124

VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 78%
VendorProductVersion
qemuqemu
𝑥
≤ 2.11.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
qemu
bullseye
1:5.2+dfsg-11+deb11u3
fixed
jessie
ignored
wheezy
postponed
bullseye (security)
1:5.2+dfsg-11+deb11u2
fixed
bookworm
1:7.2+dfsg-7+deb12u7
fixed
sid
1:9.1.1+ds-2
fixed
trixie
1:9.1.1+ds-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
qemu
artful
Fixed 1:2.10+dfsg-0ubuntu3.5
released
zesty
ignored
xenial
ignored
trusty
ignored
qemu-kvm
artful
dne
zesty
dne
xenial
dne
trusty
dne
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/102295
https://access.redhat.com/errata/RHSA-2018:0816
https://access.redhat.com/errata/RHSA-2018:1104
https://access.redhat.com/errata/RHSA-2018:1113
https://access.redhat.com/errata/RHSA-2018:3062
https://bugzilla.redhat.com/show_bug.cgi?id=1525195
https://usn.ubuntu.com/3575-1/
https://www.debian.org/security/2018/dsa-4213
http://www.securityfocus.com/bid/102295
https://access.redhat.com/errata/RHSA-2018:0816
https://access.redhat.com/errata/RHSA-2018:1104
https://access.redhat.com/errata/RHSA-2018:1113
https://access.redhat.com/errata/RHSA-2018:3062
https://bugzilla.redhat.com/show_bug.cgi?id=1525195
https://usn.ubuntu.com/3575-1/
https://www.debian.org/security/2018/dsa-4213